From 4e80b5a060c1ae0f8942527dbdc6ee221992caab Mon Sep 17 00:00:00 2001 From: juancarmore Date: Mon, 13 Oct 2025 12:07:58 +0200 Subject: [PATCH] openapi: update authentication methods to use header-based tokens instead of cookies --- .../success-generate-participant-token.yaml | 6 +-- .../success-generate-recording-token.yaml | 6 +-- .../internal/success-refresh-token.yaml | 10 ++-- .../internal/success-user-login.yaml | 18 +++++-- .../internal/success-user-logout.yaml | 14 ++--- backend/openapi/components/security.yaml | 52 ++++++++++++++----- backend/openapi/paths/internal/auth.yaml | 8 +-- .../paths/internal/meet-global-config.yaml | 10 ++-- backend/openapi/paths/internal/meetings.yaml | 6 +-- .../openapi/paths/internal/participants.yaml | 4 +- .../openapi/paths/internal/recordings.yaml | 4 +- backend/openapi/paths/internal/rooms.yaml | 2 +- backend/openapi/paths/internal/users.yaml | 4 +- backend/openapi/paths/recordings.yaml | 50 +++++++++--------- backend/openapi/paths/rooms.yaml | 32 ++++++------ 15 files changed, 131 insertions(+), 95 deletions(-) diff --git a/backend/openapi/components/responses/internal/success-generate-participant-token.yaml b/backend/openapi/components/responses/internal/success-generate-participant-token.yaml index 74b2eee..27c0694 100644 --- a/backend/openapi/components/responses/internal/success-generate-participant-token.yaml +++ b/backend/openapi/components/responses/internal/success-generate-participant-token.yaml @@ -1,7 +1,7 @@ description: Successfully generated the participant token -headers: - Set-Cookie: - $ref: '../../headers/set-cookie-participant-token.yaml' +# headers: +# Set-Cookie: +# $ref: '../../headers/set-cookie-participant-token.yaml' content: application/json: schema: diff --git a/backend/openapi/components/responses/internal/success-generate-recording-token.yaml b/backend/openapi/components/responses/internal/success-generate-recording-token.yaml index 8ec070e..efdf519 100644 
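Review bot: The `headers:` block in success-generate-participant-token.yaml is commented out rather than deleted, which leaves dead spec text that no renderer or generator will see. The same pattern repeats in success-generate-recording-token.yaml, success-refresh-token.yaml, success-user-login.yaml, success-user-logout.yaml and in the `*Cookie` schemes of components/security.yaml. If the backend no longer sets or accepts these cookies, delete the lines and let git history keep them; if it still does during a transition (not visible in this patch), keep the definitions live so the cookie path stays documented. Where a comment is kept, a one-line reason such as `# cookie delivery removed: tokens are returned in the JSON body` would explain it. The response's `content` mapping continues outside the hunk.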
--- a/backend/openapi/components/responses/internal/success-generate-recording-token.yaml +++ b/backend/openapi/components/responses/internal/success-generate-recording-token.yaml @@ -1,7 +1,7 @@ description: Successfully generated the recording token -headers: - Set-Cookie: - $ref: '../../headers/set-cookie-recording-token.yaml' +# headers: +# Set-Cookie: +# $ref: '../../headers/set-cookie-recording-token.yaml' content: application/json: schema: diff --git a/backend/openapi/components/responses/internal/success-refresh-token.yaml b/backend/openapi/components/responses/internal/success-refresh-token.yaml index 27ba329..68cab31 100644 --- a/backend/openapi/components/responses/internal/success-refresh-token.yaml +++ b/backend/openapi/components/responses/internal/success-refresh-token.yaml @@ -1,7 +1,7 @@ description: Successfully refreshed the access token -headers: - Set-Cookie: - $ref: '../../headers/set-cookie-access-token.yaml' +# headers: +# Set-Cookie: +# $ref: '../../headers/set-cookie-access-token.yaml' content: application/json: schema: @@ -10,3 +10,7 @@ content: message: type: string example: Access token for user 'admin' successfully refreshed + accessToken: + type: string + description: > + The new access token to authenticate the user in subsequent requests. diff --git a/backend/openapi/components/responses/internal/success-user-login.yaml b/backend/openapi/components/responses/internal/success-user-login.yaml index af842ca..8691b9f 100644 --- a/backend/openapi/components/responses/internal/success-user-login.yaml +++ b/backend/openapi/components/responses/internal/success-user-login.yaml 
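Review bot: The new `accessToken` property in the second hunk of success-refresh-token.yaml puts a bearer credential in the JSON body, but the response documents no cache directive now that the `headers:` block is commented out. Token-bearing responses are normally served with `Cache-Control: no-store` (RFC 6749 section 5.1 requires it for OAuth token responses), and the spec should say so, for example with a `Cache-Control` header entry carrying `schema: {type: string}` and `example: no-store`. The property also has no `example`, and no `required` list is visible in the hunk, so generated clients will likely treat it as optional. The same applies to `accessToken` and `refreshToken` in success-user-login.yaml.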
@@ -1,9 +1,9 @@ description: Successfully logged in -headers: - Set-Cookie: - $ref: '../../headers/set-cookie-access-token.yaml' - Set-Cookie*: - $ref: '../../headers/set-cookie-refresh-token.yaml' +# headers: +# Set-Cookie: +# $ref: '../../headers/set-cookie-access-token.yaml' +# Set-Cookie*: +# $ref: '../../headers/set-cookie-refresh-token.yaml' content: application/json: schema: @@ -12,3 +12,11 @@ content: message: type: string example: User 'admin' logged in successfully + accessToken: + type: string + description: > + The access token to authenticate the user in subsequent requests. + refreshToken: + type: string + description: > + The refresh token to obtain a new access token when the current one expires. diff --git a/backend/openapi/components/responses/internal/success-user-logout.yaml b/backend/openapi/components/responses/internal/success-user-logout.yaml index d4ce038..8000c94 100644 --- a/backend/openapi/components/responses/internal/success-user-logout.yaml +++ b/backend/openapi/components/responses/internal/success-user-logout.yaml @@ -1,11 +1,11 @@ description: Successfully logged out -headers: - Set-Cookie: - description: > - Clears the access and refresh token cookie. - schema: - type: string - example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict' +# headers: +# Set-Cookie: +# description: > +# Clears the access and refresh token cookie. +# schema: +# type: string +# example: 'OvMeetAccessToken=; Path=/; HttpOnly; SameSite=Strict' content: application/json: schema: diff --git a/backend/openapi/components/security.yaml b/backend/openapi/components/security.yaml index ef169cc..0273da7 100644 --- a/backend/openapi/components/security.yaml +++ b/backend/openapi/components/security.yaml 
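Review bot: The `refreshToken` property added in the second hunk of success-user-login.yaml documents neither its lifetime nor whether it is rotated. As a body field it is also readable by page script, whereas the cookie it replaces was presumably `HttpOnly`, like the `OvMeetAccessToken` example removed from success-user-logout.yaml. The description should state how long the token is valid, whether a refresh invalidates the previous one, and that it is sent back in the `X-Refresh-Token` header defined in components/security.yaml. A wording such as `JWT sent in the X-Refresh-Token header to obtain a new access token; valid for <LIFETIME>.` would cover it, with the placeholder filled from the backend configuration.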
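Review bot: With the `Set-Cookie` clearing header commented out, success-user-logout.yaml no longer says what logout does to the issued tokens. A header-delivered JWT stays valid until it expires unless the server revokes it, so the response `description` should state whether the refresh token is invalidated server-side or whether the client is only expected to discard both tokens. Suggested text: `description: Successfully logged out. The client must discard its access and refresh tokens; <state here whether the server revokes them>.` The `content` schema continues outside the hunk.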
@@ -1,30 +1,54 @@ -apiKeyInHeader: +apiKeyHeader: type: apiKey name: X-API-KEY in: header description: > The API key to authenticate the request. This key is required to access the OpenVidu Meet API. -accessTokenCookie: +# accessTokenCookie: +# type: apiKey +# name: OvMeetAccessToken +# in: cookie +# description: > +# The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend. +accessTokenHeader: type: apiKey - name: OvMeetAccessToken - in: cookie + name: Authorization + in: header description: > The JWT token to authenticate the request in case of consuming the API from the OpenVidu Meet frontend. -refreshTokenCookie: +# refreshTokenCookie: +# type: apiKey +# name: OvMeetRefreshToken +# in: cookie +# description: > +# The JWT token to refresh the access token when it expires. +refreshTokenHeader: type: apiKey - name: OvMeetRefreshToken - in: cookie + name: X-Refresh-Token + in: header description: > - The JWT token to refresh the access token when it expires.. -participantTokenCookie: + The JWT token to refresh the access token when it expires. +# participantTokenCookie: +# type: apiKey +# name: OvMeetParticipantToken +# in: cookie +# description: > +# The JWT token to authenticate the participant when entering the room. +participantTokenHeader: type: apiKey - name: OvMeetParticipantToken - in: cookie + name: X-Participant-Token + in: header description: > The JWT token to authenticate the participant when entering the room. -recordingTokenCookie: +# recordingTokenCookie: +# type: apiKey +# name: OvMeetRecordingToken +# in: cookie +# description: > +# The JWT token containing permissions to access the recordings in a room. +recordingTokenHeader: type: apiKey - name: OvMeetRecordingToken - in: cookie + name: X-Recording-Token + in: header description: > The JWT token containing permissions to access the recordings in a room. 
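Review bot: `accessTokenHeader` declares the `Authorization` header as `type: apiKey`, which tells generators and Swagger UI to send the raw token and leaves any expected `Bearer ` prefix undocumented. If the backend expects `Authorization: Bearer <jwt>` (not visible in this patch), the scheme should be `type: http`, `scheme: bearer`, `bearerFormat: JWT` in place of the `type`/`name`/`in` lines. If the raw JWT is really expected without a prefix, say so in the `description`. The descriptions of `refreshTokenHeader`, `participantTokenHeader` and `recordingTokenHeader` would likewise benefit from stating that the header carries the bare JWT.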
diff --git a/backend/openapi/paths/internal/auth.yaml b/backend/openapi/paths/internal/auth.yaml index 44646b2..e14ed8f 100644 --- a/backend/openapi/paths/internal/auth.yaml +++ b/backend/openapi/paths/internal/auth.yaml @@ -38,7 +38,7 @@ tags: - Internal API - Authentication security: - - refreshTokenCookie: [] + - refreshTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-refresh-token.yaml' @@ -59,7 +59,7 @@ tags: - Internal API - Authentication security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '201': $ref: '../../components/responses/internal/success-create-api-key.yaml' @@ -76,7 +76,7 @@ tags: - Internal API - Authentication security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-get-api-keys.yaml' @@ -90,7 +90,7 @@ tags: - Internal API - Authentication security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-delete-api-key.yaml' diff --git a/backend/openapi/paths/internal/meet-global-config.yaml b/backend/openapi/paths/internal/meet-global-config.yaml index ce739e9..2b409ca 100644 --- a/backend/openapi/paths/internal/meet-global-config.yaml +++ b/backend/openapi/paths/internal/meet-global-config.yaml @@ -7,7 +7,7 @@ tags: - Internal API - Global Config security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-get-webhooks-config.yaml' @@ -25,7 +25,7 @@ tags: - Internal API - Global Config security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/update-webhooks-config.yaml' responses: @@ -81,7 +81,7 @@ tags: - Internal API - Global Config security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/update-security-config.yaml' responses: 
@@ -105,7 +105,7 @@ tags: - Internal API - Global Config security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-get-appearance-config.yaml' @@ -125,7 +125,7 @@ tags: - Internal API - Global Config security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/update-appearance-config.yaml' responses: diff --git a/backend/openapi/paths/internal/meetings.yaml b/backend/openapi/paths/internal/meetings.yaml index e47a509..c0957d9 100644 --- a/backend/openapi/paths/internal/meetings.yaml +++ b/backend/openapi/paths/internal/meetings.yaml @@ -9,7 +9,7 @@ tags: - Internal API - Meetings security: - - participantTokenCookie: [] + - participantTokenHeader: [] parameters: - $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/internal/x-participant-role.yaml' @@ -35,7 +35,7 @@ tags: - Internal API - Meetings security: - - participantTokenCookie: [] + - participantTokenHeader: [] parameters: - $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/internal/participant-identity.yaml' @@ -62,7 +62,7 @@ tags: - Internal API - Meetings security: - - participantTokenCookie: [] + - participantTokenHeader: [] parameters: - $ref: '../../components/parameters/room-id-path.yaml' - $ref: '../../components/parameters/internal/participant-identity.yaml' diff --git a/backend/openapi/paths/internal/participants.yaml b/backend/openapi/paths/internal/participants.yaml index bd645c6..bb9122b 100644 --- a/backend/openapi/paths/internal/participants.yaml +++ b/backend/openapi/paths/internal/participants.yaml @@ -7,7 +7,7 @@ tags: - Internal API - Participant security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/participant-token-request.yaml' responses: 
@@ -36,7 +36,7 @@ tags: - Internal API - Participant security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/participant-token-request.yaml' responses: diff --git a/backend/openapi/paths/internal/recordings.yaml b/backend/openapi/paths/internal/recordings.yaml index 6448ce4..8a6f05d 100644 --- a/backend/openapi/paths/internal/recordings.yaml +++ b/backend/openapi/paths/internal/recordings.yaml @@ -7,7 +7,7 @@ tags: - Internal API - Recordings security: - - participantTokenCookie: [] + - participantTokenHeader: [] parameters: - $ref: '../../components/parameters/internal/x-participant-role.yaml' requestBody: @@ -42,7 +42,7 @@ tags: - Internal API - Recordings security: - - participantTokenCookie: [] + - participantTokenHeader: [] parameters: - $ref: '../../components/parameters/recording-id.yaml' - $ref: '../../components/parameters/internal/x-participant-role.yaml' diff --git a/backend/openapi/paths/internal/rooms.yaml b/backend/openapi/paths/internal/rooms.yaml index 509bf65..4e8aeb1 100644 --- a/backend/openapi/paths/internal/rooms.yaml +++ b/backend/openapi/paths/internal/rooms.yaml @@ -8,7 +8,7 @@ tags: - Internal API - Rooms security: - - accessTokenCookie: [] + - accessTokenHeader: [] parameters: - $ref: '../../components/parameters/room-id-path.yaml' requestBody: diff --git a/backend/openapi/paths/internal/users.yaml b/backend/openapi/paths/internal/users.yaml index 24af572..d94b784 100644 --- a/backend/openapi/paths/internal/users.yaml +++ b/backend/openapi/paths/internal/users.yaml @@ -7,7 +7,7 @@ tags: - Internal API - Users security: - - accessTokenCookie: [] + - accessTokenHeader: [] responses: '200': $ref: '../../components/responses/internal/success-get-profile.yaml' @@ -22,7 +22,7 @@ tags: - Internal API - Users security: - - accessTokenCookie: [] + - accessTokenHeader: [] requestBody: $ref: '../../components/requestBodies/internal/change-password-request.yaml' responses: 
diff --git a/backend/openapi/paths/recordings.yaml b/backend/openapi/paths/recordings.yaml index 1ab8a32..c7db57b 100644 --- a/backend/openapi/paths/recordings.yaml +++ b/backend/openapi/paths/recordings.yaml @@ -6,14 +6,14 @@ Retrieves a paginated list of all recordings available in the system. You can apply filters to narrow down the results based on specific criteria. - > **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, + > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method, > the `roomId` filter will be ignored and only recordings associated with the room included in the token will be returned. tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: # - $ref: '../components/parameters/recording-status.yaml' - $ref: '../components/parameters/recording-fields.yaml' @@ -38,15 +38,15 @@ description: | Deletes multiple recordings at once with the specified recording IDs. - > **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, + > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method, > all specified recordings must belong to the same room included in the token. > If a recording does not belong to that room, it will not be deleted. tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-ids.yaml' responses: 
@@ -71,15 +71,15 @@ Downloads multiple recordings as a ZIP file with the specified recording IDs. The ZIP file will contain all recordings in MP4 format. - > **Note:** If this endpoint is called using the `recordingTokenCookie` authentication method, + > **Note:** If this endpoint is called using the `recordingTokenHeader` authentication method, > all specified recordings must belong to the same room included in the token. > If a recording does not belong to that room, it will not be included in the ZIP file. tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-ids.yaml' responses: @@ -118,9 +118,9 @@ tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-secret.yaml' @@ -150,9 +150,9 @@ tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-id.yaml' responses: @@ -183,9 +183,9 @@ tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-id.yaml' - $ref: '../components/parameters/recording-secret.yaml' 
@@ -252,14 +252,14 @@ Retrieves the URL of a recording with the specified recording ID. This URL is intended to be shared with people who do not have direct access to the recording. - # It can be configured to be accessible by anyone (public access) or restricted to authenticated users only, + # It can be configured to be accessible by anyone (public access) or restricted to authenticated users only, # depending on the `privateAccess` query parameter. tags: - OpenVidu Meet - Recordings security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - recordingTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - recordingTokenHeader: [] parameters: - $ref: '../components/parameters/recording-id.yaml' # - $ref: '../components/parameters/private-access.yaml' diff --git a/backend/openapi/paths/rooms.yaml b/backend/openapi/paths/rooms.yaml index 8857c36..efeea64 100644 --- a/backend/openapi/paths/rooms.yaml +++ b/backend/openapi/paths/rooms.yaml @@ -8,8 +8,8 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] requestBody: $ref: '../components/requestBodies/create-room-request.yaml' responses: @@ -32,8 +32,8 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] parameters: - $ref: '../components/parameters/room-name.yaml' - $ref: '../components/parameters/room-fields.yaml' @@ -64,8 +64,8 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] parameters: - $ref: '../components/parameters/room-ids.yaml' - $ref: '../components/parameters/meeting-deletion-policy.yaml' 
@@ -92,9 +92,9 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - participantTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - participantTokenHeader: [] parameters: - $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/room-fields.yaml' @@ -128,8 +128,8 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] parameters: - $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/meeting-deletion-policy.yaml' @@ -160,9 +160,9 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] - - participantTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] + - participantTokenHeader: [] parameters: - $ref: '../components/parameters/room-id-path.yaml' - $ref: '../components/parameters/internal/x-participant-role.yaml' @@ -189,8 +189,8 @@ tags: - OpenVidu Meet - Rooms security: - - apiKeyInHeader: [] - - accessTokenCookie: [] + - apiKeyHeader: [] + - accessTokenHeader: [] parameters: - $ref: '../components/parameters/room-id-path.yaml' requestBody: